Wednesday, June 22, 2011

Hackers Can't Be Stopped, But They Can be Contained

4 key Tips to avoid breaches

A big part of the problem is that employees have too much access to internal information. The best thing companies can do is the same stuff we've been talking about for years: make sure the core assets aren't treated with the same priority as some of the lesser systems. It all has to be protected.

If nothing else, the Lulzsec hacks have shown a light on security vulnerabilities that should have addressed years if not decades ago. These attacks are going to escalate. But organizations can implement basic steps to make the hacker's job harder.

Top 4 Recommendations

Limit access: The best thing to do is disconnect people from things they don't need to be connected to. Why would they need access to everything?

Pile on layers of security, and get up-to-date: A lot of these attacks were exploiting fairly easy techniques, like default passwords or out-of-date Apache [software] or Web servers. People were not patching or updating. They were not doing the basics.

Include breach response in disaster-recovery plans: You have scenarios in your recovery for a chaotic storm versus a physical storm. Can you shut down some of your systems without completely going offline?

Shutting certain systems down makes it harder for hackers to find their way through the network infrastructure; and the more they have to work, the more cyber crumbs they leave behind. You can't fight them off forever, but if you delay them long enough, they will leave evidence behind and may give you time to get law enforcement involved.

Admit fault and negotiate: Eventually, hackers will get in. That's why you need a diplomatic approach, to address the hackers after a breach. When you find yourself in the midst of a hack, you can try countermeasures, but you also need social techniques to diffuse the issue and come to agreement. In the case of Sony, they kept trying technical solutions for an interpersonal problem.